Netflix customers must remain vigilant: a phishing email is landing in inboxes, claiming that the recipient's account has been suspended. Once again, scammers have imitated the popular streaming service in an attempt to steal sensitive credentials, including login details and credit card information, to sell on the dark web and use in follow-on criminal campaigns. With millions of subscribers worldwide, it is highly likely that unsuspecting users will fall prey to this scam.
The email arrives with the subject line ‘Your account has been suspended, please update your information!’ and purports to be sent from ‘NETFLIX’. The body of the email advises the user that their billing information has not been validated, which will result in the suspension of their Netflix membership if not rectified in the next 48 hours. Scammers have used this message to create a sense of urgency in the user, in the hope of luring victims into providing credit card information. The Netflix logo and branding have been used to feign authenticity.
Here’s what the email looks like:
Unsuspecting users who click on the red ‘restart your membership’ link are taken to the page below, which asks for Netflix login details: username and password. From the screenshot below you can see that the page has been designed to look like an actual Netflix sign-in page, with scammers going to the extra effort of including a Facebook login and new member sign-up options.
After entering their details and clicking on the ‘Sign in’ button, users are taken to a second phishing page, shown below, which requires victims to enter their credit card details in order to validate their billing details.
To trick the user into thinking that their credit card details have been legitimately asked for by Netflix and, subsequently, that their subscription has been restored, victims are taken to the following spoofed verification page asking them to enter a security code delivered by SMS. After that, users are redirected to a legitimate Netflix website page.
Whilst MailGuard is stopping this email scam from reaching customers, we encourage all users to exercise caution when opening messages, and to be extra vigilant against this kind of cyber-attack. If you see an email from Netflix, please make sure it is legitimate communication before you open it.
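As an added illustration (not MailGuard's or Netflix's code), the two tells described above, a ‘NETFLIX’ display name on an unrelated sender address and a link that leaves Netflix's domain, can be checked mechanically. The sample message, its example.net hosts and the `netflix.com` allow-list are constructed assumptions.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND = "netflix"
LEGIT_DOMAIN = "netflix.com"  # assumption: the only domain treated as genuine

# Constructed sample modelled on the lure described in this post.
SAMPLE = """\
From: NETFLIX <billing@accounts.example.net>
To: user@example.org
Subject: Your account has been suspended, please update your information!
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body><p>Your billing information has not been validated.</p>
<a href="http://login.example.net/signin">restart your membership</a>
<a href="https://help.netflix.com/en/node/65674">Help</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        host = urlparse(dict(attrs).get("href") or "").hostname
        if tag == "a" and host:
            self.hosts.append(host.lower())

def in_domain(host, domain):
    # Exact match or true subdomain; "netflix.com.example.net" must not pass.
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    msg = email.message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    findings = []
    if BRAND in name.lower() and not in_domain(sender, LEGIT_DOMAIN):
        findings.append(f"display name '{name}' but sender domain is {sender}")
    links = LinkCollector()
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    findings += [f"link points to {h}" for h in links.hosts
                 if not in_domain(h, LEGIT_DOMAIN)]
    return findings
```

A matching From domain is not proof of legitimacy on its own, since the header can be forged; treat this as a complement to SPF, DKIM and DMARC results, not a replacement.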
How to know if an email or text is actually from Netflix?
Netflix offers the following advice on its support page:
"We will never ask you to enter your personal information in a text or email. This includes:
More information can be found here: https://help.netflix.com/en/node/65674
MailGuard urges users not to click links or open attachments within emails that:
One email is all that it takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's network.